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EXAMINER'S ANSWER 




This is in response to the appeal brief filed 3 1 May 2006 appealing from the Office action mailed 
1 March 2006. 
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(1) Real Party in Interest 

Hewlett-Packard (Canada) Co., a Canadian corporation 

(2) Related Appeals and Interferences 

U.S. Application Serial No. 09/61 1,463 filed June 7, 2000 is a continuation-in-part of the present 
application, which is also under appeal before the Board. Examiner also notes that the primary 
reference Flint et al. U.S. Patent No. 6,453,419 assigned to Secure Computing Corporation 
Roseville, MN (US) has three inventors in common with the present application, which is 
assigned to Hewlett Packard of Canada. 

(3) Status of Claims 

The statement of the status of the claims contained in the brief is correct. 

(4) Status of Amendments After Final 
No After Final Amendments were filed. 

(5) Summary of Invention 

The summary of invention contained in the brief is correct. 

(6) Issues 

The appellant's statement of issues in the brief is correct 

(7) Claims Appealed 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Prior Art of Record 

6,453,419 Flint et al. 17 September 2002 

5,987,61 1 Freund 16 November 1999 

6,484,26 1 Wiegel 1 9 November 2002 
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(9) Grounds of Rejection 

The following grounds of rejection are applicable to the appealed claims: 
Claims 25, 26, 27, 29, 54, and 55 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Flint et al. U.S. Patent No. 6,453,419 (hereinafter '419) in view of Freund U.S. 
Patent No. 5,987,61 1. The motivation to combine these references is to increase security see 
'611 col. 3, lines 4 et seq. "There are still other disadvantages to centralized filtering. The 
approach is difficult to configure and administer. The task of setting up different rights for 
different users, workstations, or workgroups, for instance, is particularly difficult. No facilities 
are provided for delegating certain access and monitoring authority, for example, in order to 
allow a workgroup supervisor to manage less critical aspects of the Internet access for his or her 
group without going through a central authority". This rejection is set forth in a prior Office 
action. 

Regarding claim 54, 

As per the first limitation of claim 54, "A method for displaying access policies for a 
security service for a computer network" is taught in e 419 col. 2, lines 6-51 (Note this 
reference shows how the access policy is built in an graphical user interface (GUI) system). 

As per the second limitation, "services and resources" is disclosed in '419 col. 4, 
lines 26-36. 

As per the third limitation, "the computer network comprising defined users" is 

shown in '61 1 col. 26, lines 18-30 "The user is now ready to specify to which people and/or to 
which computers the new rule is to apply. As shown in FIG. 7F, the wizard dialog 740 (now 
740d) includes a pane which allows the user to define a set which includes or excludes people, 
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computers, and/or groups thereof. In a manner to that previously described for defining activities 
and for specifying applications, the pane includes an outline list 761 from which the user can 
select to include or exclude items". 

As per the fourth limitation, "the method comprising the steps of displaying, on a 
computer display unit, a grid having nodes, laid out on a first and on a second axis; 
displaying, on the grid, unit user labels corresponding to the user data, each user label 
labeling nodes aligned relative to the first axis of the grid, and" is taught in '61 1 teaches 
col. 22, lines 44-59 and col. 7, lines 17-29 "The client-side monitoring component provides a 
preferred user interface 600, as shown in FIG. 6A. The interface 600 serves to display the user's 
current Internet activity and/or past log. As illustrated, the interface 600 includes a main menu 
601, a selection or tool bar 605, a Web applications panel 610, a contents panel 620, and a details 
panel 630. The tool bar 605 provides a display filtering mechanism, affecting the actual 
information displayed by the various panels. For instance, the user can employ the tool bar 605 
for selecting what type of information to show (e.g., applications), which user the system should 
display information for (e.g., the current user or another named user), and what time frame is of 
interest to the user (e.g., "today"). Selection icons 640, positioned along one side of the interface 
600, provide one-click access to user commands (which correspond to those available from the 
menu 601)" and "The present invention, however, is not limited to any particular one 
application or any particular environment. Instead, those skilled in the art will find that the 
system and methods of the present invention may be advantageously applied to a variety of 
system and application software, including database management systems, word processors, 
spreadsheets, and the like . . . Therefore, the description of the exemplary embodiments which 
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follows is for purposes of illustration and not limitation" (note: the GUI has a first and second 
axis this, the grid like appearance claimed is a common display in spreadsheet or database 
applications). 

As per the fifth limitation, "displaying on the grid resource labels corresponding to 
the services and resources data, each resource label labeling nodes aligned relative to the 
second axis of the grid, whereby the nodes in the grid correspond to access policies for the 
defined users and defined services and resources for the computer network, corresponding 
to the user and resource labels" is shown in '61 lcol. 22, lines 60 through col. 23, line 23 
"FIG. 6B illustrates appearance of the interface 600 (now 600a) during operation of a Web 
browser (e.g., Netscape Navigator. TM. or Microsoft Internet Explorer. TM. browser software). 
The applications panel 610 (now 610a) shows the currently-executing applications or processes. 
As shown at 61 1, current Web processes for this example include Internet Explorer. In the 
currently-preferred embodiment, processes are illustrated in an outline (hierarchical) view, with 
individual processes represented by nodes of the outline. Upon the user selecting to expand an 
application node (e.g., by clicking on node 61 1), the system, in response, displays dependent or 
child nodes representing protocols employed by that application. For the application node 611, 
for instance, the system displays child nodes 612". 

Claims 55 and 25 are independent claims containing limitation similar to those present in 
claim 54. 

Regarding claim 26, 

As per the first limitation, "further comprising a user definition component for 
defining a business relationship tree data structure representing a set of the defined users 
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and in which the user labels displayed by the graphical user interface correspond to the 
business relationship tree data structure" is taught in c 419 col. 3, lines 31-47. 
Regarding claim 27, 

As per the first limitation, "further comprising a resource definition component for 
defining a resource tree data structure representing a set of the defined services and 
resources and in which the resource labels displayed by the graphical user interface 
correspond to the resource tree data structure" is shown in c 419 col. 3, line 61 through col. 4, 
line 7. 

Regarding claim 29, 

As per the first limitation, "A graphical user interface" is disclosed in '419 col. 2, 
lines 6-51; 

As per the second limitation, "for a security service for a computer network" is taught 
in '419 001. 2, lines 6-13; 

As per the third limitation, "the computer network comprising defined users 
represented by a business relationship tree data structure" is shown in c 419 col. 3, 
lines 3 1-47; 

As per the fourth limitation, "the computer network further comprising services and 
resources, represented by a resource tree data structure" is disclosed in '419 col. 6, 
lines 25-37 (Also note the similarities between FIGS. 4-8 of '419 to FIG 10 of applicant's 
invention. 
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As per the fifth limitation, "the graphical user interface comprising display means for 
displaying a grid comprising nodes laid out on a first axis and on a second axis" is shown in 
'611 col. 26, lines 18-30; 

As per the sixth limitation, "user labels corresponding to the users in the business 
relationship tree data structure, each user label labelling nodes aligned relative to the first 
axis of the grid" is disclosed in '61 1 col. 22, lines 44-59 and col. 7, lines 17-29; 

As per the seventh limitation, "and resource labels corresponding to the defined 
services and resources in the resource tree data structure, each resource label labelling 
nodes aligned relative to the second axis of the grid, the nodes in the grid corresponding to 
access policies for the defined users and defined services and resources, corresponding to 
the user and resource labels" is taught in '611 col. 22, line 60 through col. 23, line 23. 

Claims 28, 30, and 45, are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Flint et al. U.S. Patent No. 6,453,419 (hereinafter '419) in view of Freund U.S. Patent No. 
5,987,61 1 (hereinafter '61 1) in further view of Wiegel U.S. Patent No. 6,484,261 (hereinafter 
'261). The motivation to combine these references is to increase user flexibility see '261 col. 4, 
lines 38-44 "There is also a need for a way to construct a representation of a network security 
policy in which the representation is easily correlated with the policy. There is a particular need 
for such a mechanism that does not require the administrator to have knowledge about low-level 
network protocol details and about the particular network protocols that are used by application 
programs". This was cited in the previous office action. 

Regarding claim 30, 
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As per the first limitation "the grid comprising inheriting nodes and defining nodes, 
the defining nodes corresponding to access policies expressly defined by a policy manager, 
the graphical user interface further comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining 
nodes in the grid across the inheriting nodes below the defining nodes in each of the 
business relationship tree data structure and the resource tree data structure" is shown in 
'261 col. 13, lines 37-50 "Thereafter, administrators can reference the network objects in the 
Networks tree 720 when developing security policies. For example, the administrator can 
prepare a security policy that accepts or rejects a data packet depending on whether the 
destination of the packet is the software engineering group 726, the marketing group 728, or one 
of the hosts 730 within a group. Accordingly, the security policies are kept simple because, 
rather than incorporating the network-specific information, the security policies inherit 
knowledge about the network from the Networks tree 720. Further, a security policy may be 
attached to a group of objects rather than only to a single object". 

Regarding claim 45, this claim is directed to a program storage device performing the 
method of claims 25, 26, and 30; therefore it is rejected along similar rationale. 
(10) Response to Arguments 

As noted by applicant the previous Office Action mailed 1 March 2006 contain an error 
on page 8 concerning paragraph 6. The following heading should have been in the Office 
Action: 
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"6. Claims 28, 30, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over Flint 
et al. U.S. Patent No. 6,453,419 (hereinafter '419) in view of Freund U.S. Patent No. 5,987,61 1 
(hereinafter £ 61 1) in further view of Wiegel U.S. Patent No. 6,484,261 (hereinafter '261)". 
As understood by applicant the rejection that follows is all directed toward this rejection. 
Therefore pages 1 1 through the middle of page 19, in which applicant addressed that the 102(b) 
rejection of Flint does not meet the burdens of proof, will be ignored, because the 102(b) 
rejection was not placed in the last office action. 

Regarding Appellant's argument 1, beginning on page 19, "To establish prima facie 
obviousness, it must be shown that all the elements and relationships recited in the claim are 
known in the prior art . . . assertion of basic knowledge and common sense not based on any 
evidence in the record lacks substantial evidence . . . Even if all of the features recited in the 
claim are known in the prior art, it is still not proper to reject a claim on the basis of obviousness 
unless there is a specific teaching, suggestion, or motivation in the prior art to produce the 
claimed combination". 

The grounds of rejection stated above show that the motivation to combine references 
'419 and '611 was shown above as well as previous office action. In addition on page 4-5 of the 
previous office action '611 indicates that: "The present invention, however, is not limited to any 
particular one application or any particular environment. Instead, those skilled in the art will 
find that the system and methods of the present invention may be advantageously applied to a 
variety of system and application software, including database management systems, word 
processors, spreadsheets, and the like". The '611 further includes details how the nodes can be 
expanded to reduced to include the details in the display: "For instance, the user can employ the 
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tool bar 605 for selecting what type of information to show (e.g., applications), which user the 
system should display information for (e.g., the current user or another named user), and what 
time frame is of interest to the user (e.g., "today"). Selection icons 640, positioned along one 
side of the interface 600, provide one-click access to user commands (which correspond to those 
available from the menu 601)". 

Regarding Appellant's second argument, beginning on page 20 "Claims 25, 26, 27, 29, 
54, and 55 were rejected under 35 U.S.C. § 103 (a) as being unpatentable over Flint in view of 
Freund . . . However, the Action (with reference to claim 54) now asserts that these features 
missing from Flint are taught by Freund. Appellants disagree. Nowhere do the user interfaces 
(600, 600a) shown in Figures 6 A and 6B of Freund show grids with these recited features ... 
Freund does not disclose or suggest that the tree-structures ever have an organization which 
would enable nodes in the tree-structure to have corresponding user labels and resource labels on 
axes of the grid". 

The grounds of rejection stated above show that, the references as applied should be 
looked at in combination, Freud does show that the tree-structures include organization of the 
information which can be seen by looking through the following figures of Freud 6 A through 6E, 
and 7A through 7K connected with each node, the resource labels are also defined on the grid 
with respect to axis in Flint FIG. 4, 5, 6A-6D, 7, and 8. 

Regarding Appellant's third argument, on page 22 "Nowhere does Freund disclose or 
suggest a grid comprising nodes which are labeled along a first axis with user label and are 
labeled on a second axis with resource labels ... The application panel (610, 610a) does not show 
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user labels which label nodes aligned relative a first axis of a grid and resource labels which 
label the nodes aligned relative a second axis of the grid". 

The grounds of rejection stated above show a graphic user interface (GUI) in both 
references; a GUI is a grid with a first axis and a second axis the labels are in respect to these 
axis's. 

Regarding Appellant's fourth argument, beginning on page 22 "In addition, claim 25 
specifically recites that the nodes in the grid corresponding to access policies for the defined 
users and defined services and resources for the computer network, correspond to the user and 
resource labels. Nowhere does Freund teach or suggest that the nodes in the tree-structure of the 
application panel (610, 610a) correspond to access policies ... Nowhere does Freund teach that 
such nodes in the application panel (610, 610a) may correspond to access policies". 

The grounds of rejected stated above show how Frued nodes correspond to access 
policies in addition see col. 23, line 65 through col. 24, line 15, which defines how rules, i.e. 
policies can be assigned to users or workgroups with various conditions. 

Regarding Appellant's fifth argument, on page 23 "For example, Figure 71 of Freund 
shows an interface (700) that displays a listing of access rules (Column 24, lines 40-44). For a 
selected access rule (723), the interface displays detailed information about the rule in details 
panel (73). However, nowhere does Freund disclose or suggest that such rules are ever displayed 
as nodes in a grid. Further nowhere does Freund disclose or suggest displaying user labels on a 
first axis of a grid which label the access rules aligned relative to a first axis or displaying 
resource labeled on a second axis of the grid which label the access rules aligned relative to the 
second axis". 
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The ground of rejection stated above show the references as applied should be looked at 
in combination, Freud does show a GUI with first and second axis and the details about the 
nodes, in addition see Freund col. 26, lines 18-30 which details how a new rule can be applied 
with the wizard dialog. 

Regarding Appellant's sixth argument, on page 23 "In addition, the rejection relies on 
conclusory statements, not evidence of record. For example, to support the rejections of the 
claims, the Action relies on conclusory statement such as (with respect to claim 54) "the grid like 
appearance claimed is a common display in spreadsheet database applications" (page 5) ... As 
the evidence of record does not support the rejection, the claims should be allowed". 

The ground of rejection stated above show the grid in addition Freud does show that the 
application can utilize spreadsheet and database applications see col. 7, lines 17-29. 

Regarding Appellant's seventh argument, on page 24 "In addition (with respect to claim 
54), the Action states that "it would have been obvious ... to modify a security service for a 
computer network taught in c 419 [Flint] to include a means to configure and administer user 
policy . . . such a combination (at best) would only produce a system for implementing a security 
policy for application on a client using interfaces (600, 600a) which list application and process 
and/or interface (700) which list access rules ... to include the features recited in claim 25 direct 
to a graphical user interface that displays nodes in a grid corresponding to access policies, which 
nodes are aligned with corresponding respective user label on a first axis and resource labels on a 
second axis of the grid". 

The ground of rejection stated above show all the limitations in claim 25. The GUI 
claimed is obvious in both references see figures 6 A through 6D, 7, and 8 of Flint, figures 6 A 
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through 6E, 7A through 7K of Freud. Also note the similar traits of these figures to applicants 
disclosure applicant's Figures 5 is similar to Freund and applicant's figure 10 is similar to Flint 
and Freund. 

Regarding Appellant's eighth argument, "The applied references do not disclose or 
suggest each of the features and relationships recited in claim 25 and the Office has not establish 
> prima facie obviousness. Also, as nothing in the cited art discloses or suggest the features and 
relationships that are specifically recited in the claim, and because . . . allowable for these 
reasons". 

The ground of rejection stated above show the relationships cited in claim 25 as well as 
the motivation to combine. 

Regarding ninth Appellant's argument, "Claim 26 depends from 25 . . . This referenced 
portion of Flint does not disclose or suggest a user definition component for defining a business 
relationship tree data structure . . . nowhere does Flint disclose or suggest that such text is defined 
using a user definition component which is capable of defining a business relationship tree data 
... Further, nowhere does Flint disclose or suggest that the system of Flint is capable of 
displaying user labels in a graphical user interface corresponding to the business relationship 
tree". 

The ground of rejection stated above show this limitation, in addition see '61 1 col. 26, 
lines 18-50. Which indicates how the rules can be applied to individual users or groups of users. 

Regarding Appellant's tenth argument, "Claim 27 depends from claim 25. Column 3, 
line 61 to column 4, line 7 of Flint does not as alleged in the Action show the features and 
relationship recited in claim 27 . . . Nowhere does Flint disclose or suggest that the system of 
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Flint is capable of displaying resource labels in a graphical user interface corresponding to the 
resource tree data structure defined using a resource definition component. Neither Flint nor 
Freund discloses or suggests each of the features and relationships". 

The ground of rejection stated above show this limitation as stated above. 

Regarding Appellant's argument, directed to Claim 55 on page 36, "Claim 55 depends 
from claim 54. The Action has not shown where Flint of Freund teaches or suggests a program 
storage device readable by a machine which tangible embodies a program of instructions 
executable by the machine. Further, as discussed previously, Flint and Freund do not disclose or 
suggest any machine capable of performing the method steps recited in claim 54". 

The ground of rejection stated above show the limitation of these claim in addition 
Fruend shows a program storage device see col. 7, line 64 through col. 8, line 9. 

Regarding Appellant's argument directed to Claim 28, 30, and 45 on page 36 through 39, 
Claims 28 and 45 depends for claim 25, Claim 30 depends from 29 . . . Appellants disagree that it 
would be obvious to combine Wiegel with Flint and /or Freund . . . Further, Wiegel does not 
disclose or suggest the above described features and relationships recited in the parent claim 25". 

The ground of rejection stated above show the motivation to combine the references is to 
increase user flexibility by constructing a representation of a network security policy which can 
be easily referenced see '261 col. 4, lines 38-44, see Wiegel. In addition Wiegel shows the 
limitation of claims 28, 30, and 45 in col. 13, lines 37-50 which shows how a network object can 
be built that incorporates the policy. Claim 25 was shown in the combination of Flint and 
Freund. 
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(1 1) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 




Respectfully submitted, 



Patent Examiner 
Technology Center 2134 
24 July 2006 




